[lxc-users] More secure container
Jared Folkins
jfolkins at gmail.com
Tue May 9 15:47:49 UTC 2017
This email is timely as I was researching this (again) last night. It
resulted in me taking a look through the lxd demo server code and configs
which I think do a very reasonable job at allowing untrusted users access
to containers.
https://github.com/lxc/lxd-demo-server
My final thought was that if the community felt there was a bit more to
add, we/I could fork the project and call it lxd-demo-server-paranoid with
some extra security configuration primitives sprinkled on top.
I haven't defined what the "extras" would be, but if the idea sounds
reasonable, I'd love some ideas.
Jared
On Tue, May 9, 2017 at 8:22 AM, T.C 吳天健 <tcwu2005 at gmail.com> wrote:
> Hi,
>
> It's said that a privileged container is unsecured. For example, if a user in the
> container (suppose it's running a service toward the public) hacks the
> system with some kind of rootkit.
>
> I am thinking of building a more secure container. The first idea is to
> use an unprivileged container; the second is to apply cgroup to limit viewing of
> some sensitive /dev files. Any recommendations?
>
> Summary
> - use unprivileged container
> - cgroup to limit viewing of some /dev files
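
The two measures in the quoted summary (an unprivileged container, and device restrictions through the devices cgroup) can be checked mechanically against a container's config. The following is an added example, not part of either message or of lxd-demo-server; the sample configs are constructed, and the `audit` function and its finding strings are hypothetical. It relies on LXC's `lxc.idmap` / `lxc.id_map` and `lxc.cgroup.devices.*` keys.

```python
import re

# LXC keys: lxc.idmap (3.0+) or lxc.id_map (2.x); device rules are under
# lxc.cgroup.devices.* (cgroup v1) or lxc.cgroup2.devices.* (cgroup v2).
IDMAP = re.compile(r"^lxc\.(idmap|id_map)$")
DEVICES = re.compile(r"^lxc\.cgroup2?\.devices\.(allow|deny)$")
# Constructed sample configs (not taken from the thread or any project).
WEAK = """lxc.uts.name = web
lxc.cgroup.devices.allow = a
"""
HARDENED = """lxc.uts.name = web
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
"""

def audit(config_text):
    """Return findings (hypothetical wording) for the two measures."""
    findings, mapped, default_deny = [], set(), False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        fields = value.split()
        if IDMAP.match(key):
            # "u 0 100000 65536": kind, container id, host id, range
            if len(fields) == 4 and fields[1] == "0" and fields[2] != "0":
                mapped.add(fields[0])
            continue
        rule = DEVICES.match(key)
        if not rule:
            continue
        if rule.group(1) == "deny":
            default_deny = default_deny or value == "a"
            continue
        if not default_deny:
            findings.append(f"allow rule before default deny: {value}")
        if value == "a" or ("*" in value and set(fields[-1]) & set("rw")):
            findings.append(f"wildcard device access: {value}")
    if not {"u", "g"} <= mapped:
        findings.insert(0, "privileged: uid/gid 0 not mapped to an unprivileged host id")
    if not default_deny:
        findings.append("no 'devices.deny = a' default-deny rule")
    return findings
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

Rule order matters for the devices cgroup: `deny = a` clears the whole list, so it has to come before the individual `allow` entries.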